Creating a Malware Database: The Ultimate Protection

Even before the world went digital, paper-based databases helped countless organizations uncover important patterns and insights that made all the difference for research and specific initiatives. Now that technology has made the creation and utilization of such a collection of data easier, more groups are relying on their databases for the wealth of intelligence they can provide.

Take, for example, the health care industry, which boasts several databases accessible to doctors, nurses and other practitioners. With this knowledge at their fingertips, a doctor could consult specific previous cases to gain insight into how to help a current patient.

One of the most well-known databases is maintained by the Center for Disease Control, first created in 1946 in response to severe outbreaks across the globe, serving as an industry standard for data and insights about diseases and treatments. Forbes contributor Dave Lewis noted that this organization has made quite the impact, enabling health care groups not only to learn from the past, but also to work proactively to prevent illnesses.

Today, the technology sector is suffering from more than a few outbreaks. These illnesses, however, come in the form of viruses and malware infecting a range of devices in the consumer and enterprise sectors. In fact, a recent report shows that malware is now being created faster than ever before, threatening an increasing number of endpoints every day.

As the threat landscape grows, many – including Lewis – have begun wondering why a database similar to the CDC’s doesn’t exist for malware samples. Such a resource could be invaluable to information security, providing the same kind of insights the health care industry benefits from. Currently, the FBI is working to amass such a database, but faces challenges as black hats continue to crank out new malware at record-breaking speed.

Malware: A new sample born every 4 seconds
Dark Reading contributor Ericka Chickowski recently reported on findings from G DATA SecurityLabs, which discovered that during the second half of 2014, a new malware sample was created every four seconds. This contributed to the 4.1 million samples uncovered during that time period.

Last year, malware authors were clearly busier than ever, creating 6 million new malware strains over the course of the entire year. This represented a 77 percent increase over the number of samples discovered in 2013.

According to G DATA SecurityLabs’ Malware Report, Trojans and adware took the cake, representing the first and second most frequently created malware samples last year, respectively. While Trojans still remain king, researchers found that the number of adware strains was quickly increasing – growing at a rate of 31.4 percent compared to 2013 – and could be on pace to strip Trojans of their first-place title.

FBI working to create malware database
With so many new samples being created each year, it might be difficult to maintain an up-to-date malware database. However, the FBI appears to be giving it a try.

According to The Verge contributor Kwame Opam, the organization’s Investigative Analysis Unit encouraged security vendors to assist in the project, asking them to provide quotes on current malware samples. Although the FBI remains quiet about how the quotes and software will be used, it did note that it needed the samples for “global awareness” of the malware threat landscape.

“Critical to the success of the IAU is the collection of malware from multiple industry, law enforcement and research sources,” stated the IAU’s listing.

If it were up to Lewis, a malware database like this – which could hold the key to not only protecting sensitive data from current threats, but mitigating future samples – would already exist.

“Why do we not have this function? Why do we have numerous anti-virus companies creating definition files for malware with wildly disparate names?” Lewis wrote. “When there is a significant outbreak these companies are helpful in that they quite often release a free tool to help people recover from an infection such as with ransomware. Helpful, but something is missing.”

In order to truly protect the world from the growing number of malware samples, security companies and other entities must come together to create an all-encompassing database of both previous and the most recent infections. This type of resource could be a game-changer for the industry, but only if those with the power to establish it work to do so.